“GlueBall” Microsoft Windows Spoofing Vulnerability – Expert Source

As part of its Patch Tuesday release on August 11, 2020, Microsoft included a zero day vulnerability that went unfixed for several years. This vulnerability, CVE-2020-1464 and dubbed “GlueBall”, could allow an attacker to bypass security features built into Windows to validate file signatures, ultimately allowing an attacker to run improperly signed binaries on a system. This spoofing vulnerability was first seen in the wild being used by malware in August 2018, when several researchers notified Microsoft of the problem. It is recommended that the MS20-AUG patch be applied immediately as it will correct how Windows validates file signatures.

Experts Comments

August 18, 2020
Mieng Lim
VP of Product Management
Digital Defense, Inc.
Code signing is a means to validate the authenticity of an executable – ensuring the code being installed hasn’t been tampered with. If this is bypassed, then malicious attackers have a direct route to the system. Organizations need to ensure they know what is installed on their systems and what their users have access to in order to prevent an app with a spoofed signature from slipping in. If they haven’t already, patch now and run vulnerability scans on all systems regularly.

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.